30 Percent Of CEO Emails Have Been Exposed In Breaches, Leaks

Thirty percent of email addresses and passwords belonging to CEOs of the world’s largest businesses and organizations have already been stolen and passed around online according to a new study.

The data comes as part of research conducted by Finnish cybersecurity firm F-Secure, which investigated the availability of login credentials for email accounts belonging to more than 200 chief executives.

Through checking the publicly available email addresses of the CEOs against databases of stolen and leaked credentials available online, the researchers found that three in ten CEOs have had their login credentials exposed. That figure more than doubles for tech companies, for which 63 percent had their account name and password leaked.

According to F-Secure’s research, the breaches that revealed the highest number of CEO credentials were from sites and services that one would commonly associate to the business or corporate world.

Hacks business social network LinkedIn, which occurred in 2012 and exposed more than 117 million users, and popular cloud storage service Dropbox, which also happened in 2012 and resulted in 68 million account credentials being stolen, were responsible for 71 percent of all of the exposures.

In addition to having their email addresses and passwords exposed, CEOs have also had other personal information leaked through breaches. Eighty-one percent of CEOs have had data including physical addresses, birthdates and phone numbers exposed, the researchers found—many of which came from spam lists and marketing databases that were stolen.

One breach that occurred earlier this year exposed a database of more than 1.4 billion email accounts that were collected by spam syndicate River City Media. Many of the accounts in that breach included real names, user IP addresses and physical addresses associated with the leaked email addresses.

It seems most CEOs were unable to avoid being caught up in such a wide-reaching breach or any of the litany of other hacks that have taken place in recent years. According to F-Secure, just 18 percent of CEO email addresses did not appear in any breach.

The prevalence of email credentials that are available online present a considerable challenge for organizations. Earlier this year, the Federal Bureau of Investigation (FBI) warned that Business Email Compromise (BEC) attacks were on the rise and have resulted in billions of dollars being stolen from businesses worldwide.

According to the FBI, there have been 40,203 BEC attacks reported in the last three years, resulting in affected businesses losing more than $5.3 billion. Attacks have increased exponentially in the last two years, with a 2,370 percent increase in identified losses taking place between January 2015 and December 2016.

The agency also warned that online impersonation, extortion attacks and phishing scams were among the most common and costly types of cyber crime reported by individuals and organizations in 2016 in its annual report from FBI’s Internet Crime Complaint Center (IC3) published earlier this year. The law enforcement agency said it received 298,728 complaints and recorded more than $1.33 billion in losses in the report.